Patching servers for glibc (CVE-2015-7547) – remember to reboot!

This is a significant (though we’re not sure yet realistically how dangerous) buffer overflow bug in the Linux C library, glibc. The library handles system calls, for example, reading/writing to files.

It’s easy to update but… remember to reboot afterwards! That’s the main reason I wrote this up – there’s a note to this effect in the security advisories, but utilities like aptitude won’t remind you. All sorts of services could be using glibc and remain vulnerable until they’ve restarted. Dan Kaminsky, at length, on how bad it could be

Much as it’s nice to accumulate a large uptime value, a forced reboot is also a useful opportunity to check the relevant services on your machine will come up after a power outage and, for example, your firewall settings are being loaded correctly.

Recommendation: check your existing version before you update, so you can verify it’s changed afterwards:

sudo aptitude show libc6 (Debian)
or execute the library itself, e.g./lib64/libc.so.6(look for the line: Compiled on a Linux 2.6.32 system on [date])